Careers > Privacy Notice
Careers > Privacy Notice
Privacy Notice
Privacy Notice
This website, www.careers.grunenthal.com, (hereinafter “website”) is provided by Grünenthal GmbH (hereinafter “we”, “our” or “us”).
We respect your privacy and are committed to protecting your information. In particular, with this privacy statement, we would like to inform you about the purposes of the processing of the personal data that you provide to us, the way this data is collected and processed, and to what extent they are transmitted to third parties. We also explain which rights you have with regards to this data and provide useful contact details in case you have questions or concerns.
Who is responsible for the processing of your personal data?
When you create an account in this website and you provide us with the required information, such as the details about your identity, contact information, education or professional experience. This information is processed by Grünenthal GmbH, Zieglerstraße 6, 52078 Aachen, Germany, regardless of the Grünenthal entity that has published the job offer. Grünenthal GmbH, as the provider of this website for all its affiliated entities worldwide, is responsible for all personal data entered in this website.
Additionally, when the position you are applying for has been published by a Grünenthal entity other than Grünenthal GmbH, all personal data that you provide in this website will be made accessible to the relevant staff of the specific Grünenthal entity, such as the corresponding Talent Acquisition or Hiring Manager. In this case, the specific Grünenthal entity is responsible for the processing of your personal data, together with Grünenthal GmbH. The particular Grünenthal entity can be found in the respective job advertisement.
In any case, the processing of your personal data by Grünenthal GmbH will be made in accordance with the General Data Protection Regulation (the “GDPR”).
What types of personal data do we collect and process?
When you submit your application for a job in our website, we ask you to provide the following categories of personal data:
- Contact information (Name, address, email address, phone number)
- Job-specific information (Your job application form and other details of your application, including your cover letter, CV – previous employment record, professional qualifications and other relevant skills – and references)
Additionally, you might want to submit further information such as the following on a voluntarily basis:
- Education and training (University degrees and certificates obtained, academic results)
- Personal information (Date of birth, age, nationality, gender, languages spoken)
The information which is strictly necessary for the review of your application is marked in the application form with an asterisk (*). There is no obligation for you to provide the data. However, an online application to a job offer published by one of our group companies, requires the provision of the data that is required for the evaluation of the applicants´ profile and the decision to hire. Without this data, an online application cannot be processed.
Additionally, during the application process, other data such as communication content, assessments (e.g. results of job interviews) and application dates are recorded and processed further outside the website, if this is required by law or if you have consented.
Please be aware that we rely on the information you provide us in order to make a fair decision. Therefore:
- Make sure all the submitted information is correct (“do not lie”)
- Make sure you are entitled to share the submitted information with us (“check before you upload”)
What purposes do we process your personal data for?
The personal data that you provide in this website, including any attachments that you upload into the system, will be processed for the purposes of evaluating your eligibility, expertise and profile with respect to the specific job vacancy concerned. In case your application is successful, we will also use your data for the preparation and execution of an employment contract with you.
Our application process does not use solely computer-aided decision making. This means that your application will always also be examined by a natural person.
In our website, you also have the opportunity to create an account where you can manage all your job applications and subscribe for “Job Alerts” in order to stay informed about new career opportunities at Grünenthal. This account is password protected. The applicant´s profile is only visible for Grünenthal employees involved in recruiting activities.
In our career website you can register yourself in our candidate pool. This allows recruiters to see your preferences and experience so that they can reach out to you in case a job opportunity at Grünenthal matches your profile. It’s also possible that recruiter register you to our candidate pool, after you have given your consent outside the system. No matter if you have registered yourself in the candidate pool or the recruiter has registered you, you can delete your candidate profile in the system at any time.
We also use data such as the country where you are applying from, the gender or the channel used for submitting the application, for general data analytics purposes. For example, we are interested in understanding what the preferred channels of our applicants are, or the countries where we obtain a larger number of applications from. However, this data will only be used in an anonymous manner, in such a way that you cannot be identified.
What is the legal basis for the processing of this personal data?
The legal basis for the processing of the personal data that you provide to us in the context of your application is article 6 (1) b) GDPR or article 88 (1) GDPR in connection with section 26 (1) 1 of the German Federal Data Protection Act (Bundesdatenschutzgesetz – “BDSG”) as the data you provide to us in the application process is used to by Grünenthal for hiring decisions.
In addition, if you have provided us with your permission to send you “Job Alerts” by e-mail (see below), the legal basis is article 6 (1) lit. a) GDPR (the data subject has given consent to the processing of his or her personal data for one or more specific purposes).
Who will be the recipients of your personal data?
If your application is related to a job offer which has been published by a Grünenthal entity other than Grünenthal GmbH, your personal data will be shared with the relevant personnel of that entity. By relevant personnel we mean only those employees that will necessarily be involved in the recruiting process, such as the corresponding Talent Acquisition or Hiring Manager.
Your personal data will also be processed by our own service providers (e. g. data processors). These providers have a contractual obligation to process your personal data only based on strict instructions from us. We ensure that all our service providers process personal data securely, both contractually and factually.
Will the personal data be transferred to third countries?
While your data will be stored in servers which are located in the European Union, please be aware that, if your application concerns a Grünenthal entity which is not located in the European Union (“EU”) or the Economic European Area (“EEA”), your personal data will be disclosed to personnel which are located in a country where there is a lower level of data protection. In addition, some of our service providers employ staff who have access to your personal data (e. g. support staff), and are located in third countries.
In such cases, Grünenthal will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with these parties. Grünenthal will apply the EU-Standard-Contractual Clauses to such transfers wherever feasible.
How long do we keep your personal data for?
As a general rule, all information related to a single application for a job vacancy will be stored as long as the vacancy is open plus 6 months; after this period all the data you entered will be deleted automatically.
If your application succeeds, the submitted data will be stored in SAP SuccessFactors.
If you do not delete your profile, your personal data will remain stored for up to 48 months, starting from the last log-in date and provided that your application status is non-active. This means that you can re-use the data that you have provided in your profile should you apply for other vacancies or being a member of the candidate pool. After this period, your applicant profile will be retained in an anonymised manner only for general data analytics purposes, as previously described.
Setting of cookies
What are cookies?
Our website uses so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser. They store certain information (for example your preferred language or site settings). Your browser may retransmit these to us when you revisit our website, depending on the lifespan of the cookie.
What cookies do we use?
We only use functional cookies which are necessary for the functionality of our website. The session is managed with these cookies. All cookies will expire when the user’s browser is closed. The user must allow the usage of these cookies with their browser.
The following overview contains a detailed description of the functional cookies we use:
Cookie: rmk0
Purpose and content: The user's encrypted e-mail address, if known.
Lifespan: Expires when the browser session ends.
Cookie: JSESSIONID
Purpose and content: Single cookie placed on the users device during the session so the server can identify the user
Lifespan: Expires when the browser session ends.
Cookie: LoadBalancer Cookie
Purpose and content: Cookie for session stickiness so a user doesn't bounce from one instance to another - issued by F5 typically
Lifespan: Expires when the browser session ends.
Cookie: Route
Purpose and content: A standard cookie used for session stickiness between the organization's public career site generated by Career Site Builder, and pages generated by SAP SuccessFactors Recruiting, such as Candidate Profile. The cookie is required and can't be disabled.
Lifespan: Expires when the browser session ends.
Cookie: CareerSiteCompanyId
Purpose and content: Used by Akamai to send the request to the correct data centre. The cookie is required. If disabled, users can no longer access the site.
Lifespan: Expires when the browser session ends.
"Job Alert" notification
You have the option to subscribe for receiving notifications of vacancies from the Grünenthal Group. For this purpose, you have to create an account in our career site. In the account settings the option “Notification” can be used to receive notifications about new job postings via email.
If you no longer wish to receive notifications, you can deactivate the option “Notification” in your account settings.
Matomo
We use the open source software tool Matomo (formerly PIWIK) from InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand on our website to analyze the surfing behavior of our users. Matomo is an open source tool for web analysis.
Matomo Tag Manager is a tag management system for managing JavaScript and HTML tags used to implement tracking, analytics and marketing tools.
Matomo uses cookies. These text files are stored on your computer and make it possible for us to analyze the use of the website. For this purpose, the usage information obtained by the cookie is transmitted to us and stored so that the usage behavior can be evaluated. Your IP address is immediately anonymized; thus you remain anonymous as a user. The information generated by the cookie about your use of this website will not be disclosed to third parties.
We understand this analysis as part of our Internet services. We would like to use it to further improve the website and adapt it even more to the needs of the users.
These processing operations are only carried out if explicit consent is given in accordance with Art. 6 (1) a) GDPR.
If individual pages of our website are called up, the following data is stored:
1) Bytes of the IP address of the calling system of the user are anonymized.
2) The website from which the user accessed the called website (referrer).
3) The subpages accessed from the accessed website
4) The time spent on the website
5) The frequency of accessing the web page
In this regard, the software runs exclusively on the servers within our control and within the Matomo Cloud. We have concluded a data processing agreement with InnoCraft Ltd. about data processing on our behalf. Storage of the users' personal data only takes place there. The data is not passed on to third parties.
We store this data for a period of at least two years, unless you revoke your consent beforehand.
You can view the data protection provisions of Matomo at: https://matomo.org/privacy/
Matomo Tag Manager
On our website we use Matomo Tag Manager. Matomo Tag Manager is an extension of the open source Matomo web analytics solution. The Tag Manager is used to integrate tracking events (marketing cookies) and control the integration of third-party code. The legal basis for the data processing is Art. 6 (1) f) GDPR. The legitimate interest is the error-free functioning of the website. The deletion of the data takes place as soon as the purpose of the collection has been fulfilled.
How do we secure your personal data?
We implement all the technical, organisational and security measures required to protect the confidentiality and security of the personal data collected in this website, including sensitive personal data. Your personal data will be protected against unauthorised access through encrypted transmission and storage, a role and authorisation concept, a data backup concept and physical security measures for the servers.
These measures include the following:
- An username and password are required in order to access our systems and databases.
- Authentication and authorisation are based on roles.
- Service providers sign confidentiality and data protection clauses.
- Editing rights to the back office tools in which your personal data is processed are restricted to a limited number of duly authorised persons with a specific IT profile.
For our job application site we use SAP SuccessFactors Recruiting Management, a web-based application using “software as a service”. Communication occurs over the public internet. The application is accessed through a browser. SSL technology protects information by using both server authentication and data encryption to help ensure that data is safe, secure and available only to the user concerned.
External users must log on using their own email address. When logging on for the first time, you will be asked to create an account and choose a password.
SAP SuccessFactors requires a unique username and password that must be entered each time you log on. Passwords must be strong and conform to specific requirements. They must be changed at regular intervals. The password and login policy setting for staff and externals can be set and modified by us.
External services or content on our Website
We include third-party services and/or content on our website. When you use such third-party services or when third-party content is displayed, communication data are exchanged between you and the respective provider for technical reasons. The respective provider of the services or content may also process your data for its own additional purposes. To the best of our knowledge, we have configured the services and content of providers known to process data for own purposes in such a way that either any communication for other purposes than to present their services or content on our website is blocked, or communication only takes place once you have actively opted to use the respective service. However, since we have no control over data collected and processed by third parties, we are not in a position to provide binding information regarding the scope and purpose of such processing of your data.
For further information regarding the scope and purpose of such collection and processing of your data, please consult the privacy statements of the providers whose services and/or content we include and who are responsible for the protection of your data in this context:
For the purpose of an interactive design of our website third-party content from Vimeo is integrated into this website. This serves to safeguard our predominant legitimate interests in a multimedia presentation of our services and our activities in accordance with Art. 6 (1) Clause 1 lit. f GDPR.
Vimeo (videos)
This website uses plug-ins from the American company Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA.
As a consequence, log information may be transmitted from our website to Vimeo. Vimeo’s server in the United States thus automatically stores information (“log data”), such as the information that your browser sends to a website when you visit, or the information that your mobile app sends when you use it. This log data may contain your IP address, the address of the website you visited that uses Vimeo features, the browser type and settings, the date and time of your request, information about your use of Vimeo, and cookies.
You can find out more information about data collection, how you data is evaluated and processed by Vimeo, and your rights relating to this in Vimeo’s Privacy Policy: http://vimeo.com/privacy.
Eye-Able
Eye-Able® is a software of Web Inclusion GmbH to ensure barrier-reduced access to information on the Internet for all people.
The necessary files such as JavaScript, stylesheets and images are loaded from an external server. Eye-Able uses the local storage of the browser to save the settings when functions are activated. All settings are only stored locally and are not transferred further. In order to fend off attacks and provide our service in near real time, Eye-Able® uses the Content Delivery Network (CDN) of BunnyWay d.o.o. (Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia). This is used for the purpose of fulfilling contracts with our customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). All transmitting data and servers remain in the EU at all times to enable data protection-compliant processing in accordance with DSGVO. Web Inclusion GmbH does not collect or analyze personal user behavior or other personal data at any time. In order to ensure data protection-compliant processing, Web Inclusion GmbH has concluded commissioned processing contracts with our hosters IONOS and BunnyWay. For more information, please see the privacy statements: https://eye-able.com/en/privacy-policy/ https://bunny.net/privacy
What are your data privacy rights?
Please note, that if you wish to change your information, you can log into your candidate profile at any time and modify the information you have provided. You can also delete your profile under "My Profile" by clicking on “Options” > “Settings” > “Delete Profile”. Your profile data will then be erased from the database entirely.
Without prejudice to the possibility to change your information as described above, you have the following rights according to applicable data privacy laws:
- right of information about your personal data stored by us;
- right to request the correction, deletion (provided that we are not legally obliged to keep the data) or restricted processing of your personal data;
- right to object to a processing for reasons of our own legitimate interest, public interest or profiling, unless we are able to proof that compelling, warranted reasons overruling your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
- right to data portability;
- right to file a complaint with a data protection authority;
- Right to revoke your consent to the sending of “Job Alerts” at any time with future effect.
You can exercise your data privacy rights by sending an e-mail to dataprivacy.de@grunenthal.com. You can also contact the data protection officer of the Grünenthal entity that has published the job offer. The contact details are usually available in the privacy statement of the corporate website of each Grünenthal entity.
Requests and complaints
If you have any questions regarding our data privacy or if you do not agree with the way in which Grünenthal or persons at Grünenthal process your data you can get in touch with Grünenthal’s Global Data Protection officer by using the following email address: datenschutz.grunenthal@two-towers.eu
Data Protection Supervisory Authority
You may address questions and complaints also to the Data Protection Supervisory Authority in charge:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Telefon: 0211/38424-0
Fax: 0211/38424-10
E-Mail: poststelle@ldi.nrw.de
Amendment of Privacy Statement
We may update our Data Privacy Statement from time to time and we will publish these updates on our website. They become effective upon publication. So we recommend you regularly visit the site to keep yourself informed on possible amendments.
This Data Privacy Statement was last updated on 7 March 2024.
This website, www.careers.grunenthal.com, (hereinafter “website”) is provided by Grünenthal GmbH (hereinafter “we”, “our” or “us”).
We respect your privacy and are committed to protecting your information. In particular, with this privacy statement, we would like to inform you about the purposes of the processing of the personal data that you provide to us, the way this data is collected and processed, and to what extent they are transmitted to third parties. We also explain which rights you have with regards to this data and provide useful contact details in case you have questions or concerns.
Who is responsible for the processing of your personal data?
When you create an account in this website and you provide us with the required information, such as the details about your identity, contact information, education or professional experience. This information is processed by Grünenthal GmbH, Zieglerstraße 6, 52078 Aachen, Germany, regardless of the Grünenthal entity that has published the job offer. Grünenthal GmbH, as the provider of this website for all its affiliated entities worldwide, is responsible for all personal data entered in this website.
Additionally, when the position you are applying for has been published by a Grünenthal entity other than Grünenthal GmbH, all personal data that you provide in this website will be made accessible to the relevant staff of the specific Grünenthal entity, such as the corresponding Talent Acquisition or Hiring Manager. In this case, the specific Grünenthal entity is responsible for the processing of your personal data, together with Grünenthal GmbH. The particular Grünenthal entity can be found in the respective job advertisement.
In any case, the processing of your personal data by Grünenthal GmbH will be made in accordance with the General Data Protection Regulation (the “GDPR”).
What types of personal data do we collect and process?
When you submit your application for a job in our website, we ask you to provide the following categories of personal data:
- Contact information (Name, address, email address, phone number)
- Job-specific information (Your job application form and other details of your application, including your cover letter, CV – previous employment record, professional qualifications and other relevant skills – and references)
Additionally, you might want to submit further information such as the following on a voluntarily basis:
- Education and training (University degrees and certificates obtained, academic results)
- Personal information (Date of birth, age, nationality, gender, languages spoken)
The information which is strictly necessary for the review of your application is marked in the application form with an asterisk (*). There is no obligation for you to provide the data. However, an online application to a job offer published by one of our group companies, requires the provision of the data that is required for the evaluation of the applicants´ profile and the decision to hire. Without this data, an online application cannot be processed.
Additionally, during the application process, other data such as communication content, assessments (e.g. results of job interviews) and application dates are recorded and processed further outside the website, if this is required by law or if you have consented.
Please be aware that we rely on the information you provide us in order to make a fair decision. Therefore:
- Make sure all the submitted information is correct (“do not lie”)
- Make sure you are entitled to share the submitted information with us (“check before you upload”)
What purposes do we process your personal data for?
The personal data that you provide in this website, including any attachments that you upload into the system, will be processed for the purposes of evaluating your eligibility, expertise and profile with respect to the specific job vacancy concerned. In case your application is successful, we will also use your data for the preparation and execution of an employment contract with you.
Our application process does not use solely computer-aided decision making. This means that your application will always also be examined by a natural person.
In our website, you also have the opportunity to create an account where you can manage all your job applications and subscribe for “Job Alerts” in order to stay informed about new career opportunities at Grünenthal. This account is password protected. The applicant´s profile is only visible for Grünenthal employees involved in recruiting activities.
In our career website you can register yourself in our candidate pool. This allows recruiters to see your preferences and experience so that they can reach out to you in case a job opportunity at Grünenthal matches your profile. It’s also possible that recruiter register you to our candidate pool, after you have given your consent outside the system. No matter if you have registered yourself in the candidate pool or the recruiter has registered you, you can delete your candidate profile in the system at any time.
We also use data such as the country where you are applying from, the gender or the channel used for submitting the application, for general data analytics purposes. For example, we are interested in understanding what the preferred channels of our applicants are, or the countries where we obtain a larger number of applications from. However, this data will only be used in an anonymous manner, in such a way that you cannot be identified.
What is the legal basis for the processing of this personal data?
The legal basis for the processing of the personal data that you provide to us in the context of your application is article 6 (1) b) GDPR or article 88 (1) GDPR in connection with section 26 (1) 1 of the German Federal Data Protection Act (Bundesdatenschutzgesetz – “BDSG”) as the data you provide to us in the application process is used to by Grünenthal for hiring decisions.
In addition, if you have provided us with your permission to send you “Job Alerts” by e-mail (see below), the legal basis is article 6 (1) lit. a) GDPR (the data subject has given consent to the processing of his or her personal data for one or more specific purposes).
Who will be the recipients of your personal data?
If your application is related to a job offer which has been published by a Grünenthal entity other than Grünenthal GmbH, your personal data will be shared with the relevant personnel of that entity. By relevant personnel we mean only those employees that will necessarily be involved in the recruiting process, such as the corresponding Talent Acquisition or Hiring Manager.
Your personal data will also be processed by our own service providers (e. g. data processors). These providers have a contractual obligation to process your personal data only based on strict instructions from us. We ensure that all our service providers process personal data securely, both contractually and factually.
Will the personal data be transferred to third countries?
While your data will be stored in servers which are located in the European Union, please be aware that, if your application concerns a Grünenthal entity which is not located in the European Union (“EU”) or the Economic European Area (“EEA”), your personal data will be disclosed to personnel which are located in a country where there is a lower level of data protection. In addition, some of our service providers employ staff who have access to your personal data (e. g. support staff), and are located in third countries.
In such cases, Grünenthal will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with these parties. Grünenthal will apply the EU-Standard-Contractual Clauses to such transfers wherever feasible.
How long do we keep your personal data for?
As a general rule, all information related to a single application for a job vacancy will be stored as long as the vacancy is open plus 6 months; after this period all the data you entered will be deleted automatically.
If your application succeeds, the submitted data will be stored in SAP SuccessFactors.
If you do not delete your profile, your personal data will remain stored for up to 48 months, starting from the last log-in date and provided that your application status is non-active. This means that you can re-use the data that you have provided in your profile should you apply for other vacancies or being a member of the candidate pool. After this period, your applicant profile will be retained in an anonymised manner only for general data analytics purposes, as previously described.
Setting of cookies
What are cookies?
Our website uses so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser. They store certain information (for example your preferred language or site settings). Your browser may retransmit these to us when you revisit our website, depending on the lifespan of the cookie.
What cookies do we use?
We only use functional cookies which are necessary for the functionality of our website. The session is managed with these cookies. All cookies will expire when the user’s browser is closed. The user must allow the usage of these cookies with their browser.
The following overview contains a detailed description of the functional cookies we use:
Cookie: rmk0
Purpose and content: The user's encrypted e-mail address, if known.
Lifespan: Expires when the browser session ends.
Cookie: JSESSIONID
Purpose and content: Single cookie placed on the users device during the session so the server can identify the user
Lifespan: Expires when the browser session ends.
Cookie: LoadBalancer Cookie
Purpose and content: Cookie for session stickiness so a user doesn't bounce from one instance to another - issued by F5 typically
Lifespan: Expires when the browser session ends.
Cookie: Route
Purpose and content: A standard cookie used for session stickiness between the organization's public career site generated by Career Site Builder, and pages generated by SAP SuccessFactors Recruiting, such as Candidate Profile.
Lifespan: Expires when the browser session ends.
Cookie: CareerSiteCompanyId
Purpose and content: Used by Akamai to send the request to the correct data center.
The cookie is required. If disabled, users can no longer access the site.
Lifespan: Expires when the browser session ends.
"Job Alert" notification
You have the option to subscribe for receiving notifications of vacancies from the Grünenthal Group. For this purpose, you have to create an account in our career site. In the account settings the option “Notification” can be used to receive notifications about new job postings via email.
If you no longer wish to receive notifications, you can deactivate the option “Notification” in your account settings.
Matomo
We use the open source software tool Matomo (formerly PIWIK) from InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand on our website to analyze the surfing behavior of our users. Matomo is an open source tool for web analysis.
Matomo Tag Manager is a tag management system for managing JavaScript and HTML tags used to implement tracking, analytics and marketing tools.
Matomo uses cookies. These text files are stored on your computer and make it possible for us to analyze the use of the website. For this purpose, the usage information obtained by the cookie is transmitted to us and stored so that the usage behavior can be evaluated. Your IP address is immediately anonymized; thus you remain anonymous as a user. The information generated by the cookie about your use of this website will not be disclosed to third parties.
We understand this analysis as part of our Internet services. We would like to use it to further improve the website and adapt it even more to the needs of the users.
These processing operations are only carried out if explicit consent is given in accordance with Art. 6 (1) a) GDPR.
If individual pages of our website are called up, the following data is stored:
1) Bytes of the IP address of the calling system of the user are anonymized.
2) The website from which the user accessed the called website (referrer).
3) The subpages accessed from the accessed website
4) The time spent on the website
5) The frequency of accessing the web page
In this regard, the software runs exclusively on the servers within our control and within the Matomo Cloud. We have concluded a data processing agreement with InnoCraft Ltd. about data processing on our behalf. Storage of the users' personal data only takes place there. The data is not passed on to third parties.
We store this data for a period of at least two years, unless you revoke your consent beforehand.
You can view the data protection provisions of Matomo at: https://matomo.org/privacy/
Matomo Tag Manager
On our website we use Matomo Tag Manager. Matomo Tag Manager is an extension of the open source Matomo web analytics solution. The Tag Manager is used to integrate tracking events (marketing cookies) and control the integration of third-party code. The legal basis for the data processing is Art. 6 (1) f) GDPR. The legitimate interest is the error-free functioning of the website. The deletion of the data takes place as soon as the purpose of the collection has been fulfilled.
How do we secure your personal data?
We implement all the technical, organisational and security measures required to protect the confidentiality and security of the personal data collected in this website, including sensitive personal data. Your personal data will be protected against unauthorised access through encrypted transmission and storage, a role and authorisation concept, a data backup concept and physical security measures for the servers.
These measures include the following:
- An username and password are required in order to access our systems and databases.
- Authentication and authorisation are based on roles.
- Service providers sign confidentiality and data protection clauses.
- Editing rights to the back office tools in which your personal data is processed are restricted to a limited number of duly authorised persons with a specific IT profile.
For our job application site we use SAP SuccessFactors Recruiting Management, a web-based application using “software as a service”. Communication occurs over the public internet. The application is accessed through a browser. SSL technology protects information by using both server authentication and data encryption to help ensure that data is safe, secure and available only to the user concerned.
External users must log on using their own email address. When logging on for the first time, you will be asked to create an account and choose a password.
SAP SuccessFactors requires a unique username and password that must be entered each time you log on. Passwords must be strong and conform to specific requirements. They must be changed at regular intervals. The password and login policy setting for staff and externals can be set and modified by us.
External services or content on our Website
We include third-party services and/or content on our website. When you use such third-party services or when third-party content is displayed, communication data are exchanged between you and the respective provider for technical reasons. The respective provider of the services or content may also process your data for its own additional purposes. To the best of our knowledge, we have configured the services and content of providers known to process data for own purposes in such a way that either any communication for other purposes than to present their services or content on our website is blocked, or communication only takes place once you have actively opted to use the respective service. However, since we have no control over data collected and processed by third parties, we are not in a position to provide binding information regarding the scope and purpose of such processing of your data.
For further information regarding the scope and purpose of such collection and processing of your data, please consult the privacy statements of the providers whose services and/or content we include and who are responsible for the protection of your data in this context:
For the purpose of an interactive design of our website third-party content from Vimeo is integrated into this website. This serves to safeguard our predominant legitimate interests in a multimedia presentation of our services and our activities in accordance with Art. 6 (1) Clause 1 lit. f GDPR.
Vimeo (videos)
This website uses plug-ins from the American company Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA.
As a consequence, log information may be transmitted from our website to Vimeo. Vimeo’s server in the United States thus automatically stores information (“log data”), such as the information that your browser sends to a website when you visit, or the information that your mobile app sends when you use it. This log data may contain your IP address, the address of the website you visited that uses Vimeo features, the browser type and settings, the date and time of your request, information about your use of Vimeo, and cookies.
You can find out more information about data collection, how you data is evaluated and processed by Vimeo, and your rights relating to this in Vimeo’s Privacy Policy: http://vimeo.com/privacy.
What are your data privacy rights?
Please note, that if you wish to change your information, you can log into your candidate profile at any time and modify the information you have provided. You can also delete your profile under "My Profile" by clicking on “Options” > “Settings” > “Delete Profile”. Your profile data will then be erased from the database entirely.
Without prejudice to the possibility to change your information as described above, you have the following rights according to applicable data privacy laws:
- right of information about your personal data stored by us;
- right to request the correction, deletion (provided that we are not legally obliged to keep the data) or restricted processing of your personal data;
- right to object to a processing for reasons of our own legitimate interest, public interest or profiling, unless we are able to proof that compelling, warranted reasons overruling your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
- right to data portability;
- right to file a complaint with a data protection authority;
- Right to revoke your consent to the sending of “Job Alerts” at any time with future effect.
You can exercise your data privacy rights by sending an e-mail to dataprivacy.de@grunenthal.com. You can also contact the data protection officer of the Grünenthal entity that has published the job offer. The contact details are usually available in the privacy statement of the corporate website of each Grünenthal entity.
Requests and complaints
If you have any questions regarding our data privacy or if you do not agree with the way in which Grünenthal or persons at Grünenthal process your data you can get in touch with Grünenthal’s Global Data Protection officer by using the following email address: datenschutz.grunenthal@two-towers.eu
Data Protection Supervisory Authority
You may address questions and complaints also to the Data Protection Supervisory Authority in charge:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Telefon: 0211/38424-0
Fax: 0211/38424-10
E-Mail: poststelle@ldi.nrw.de
Amendment of Privacy Statement
We may update our Data Privacy Statement from time to time and we will publish these updates on our website. They become effective upon publication. So we recommend you regularly visit the site to keep yourself informed on possible amendments.
This Data Privacy Statement was last updated on 07 March 2024.
This website, www.careers.grunenthal.com, (hereinafter “website”) is provided by Grünenthal GmbH (hereinafter “we”, “our” or “us”).
We respect your privacy and are committed to protecting your information. In particular, with this privacy statement, we would like to inform you about the purposes of the processing of the personal data that you provide to us, the way this data is collected and processed, and to what extent they are transmitted to third parties. We also explain which rights you have with regards to this data and provide useful contact details in case you have questions or concerns.
Who is responsible for the processing of your personal data?
When you create an account in this website and you provide us with the required information, such as the details about your identity, contact information, education or professional experience. This information is processed by Grünenthal GmbH, Zieglerstraße 6, 52078 Aachen, Germany, regardless of the Grünenthal entity that has published the job offer. Grünenthal GmbH, as the provider of this website for all its affiliated entities worldwide, is responsible for all personal data entered in this website.
Additionally, when the position you are applying for has been published by a Grünenthal entity other than Grünenthal GmbH, all personal data that you provide in this website will be made accessible to the relevant staff of the specific Grünenthal entity, such as the corresponding Talent Acquisition or Hiring Manager. In this case, the specific Grünenthal entity is responsible for the processing of your personal data, together with Grünenthal GmbH. The particular Grünenthal entity can be found in the respective job advertisement.
In any case, the processing of your personal data by Grünenthal GmbH will be made in accordance with the General Data Protection Regulation (the “GDPR”).
What types of personal data do we collect and process?
When you submit your application for a job in our website, we ask you to provide the following categories of personal data:
- Contact information (Name, address, email address, phone number)
- Job-specific information (Your job application form and other details of your application, including your cover letter, CV – previous employment record, professional qualifications and other relevant skills – and references)
Additionally, you might want to submit further information such as the following on a voluntarily basis:
- Education and training (University degrees and certificates obtained, academic results)
- Personal information (Date of birth, age, nationality, gender, languages spoken)
The information which is strictly necessary for the review of your application is marked in the application form with an asterisk (*). There is no obligation for you to provide the data. However, an online application to a job offer published by one of our group companies, requires the provision of the data that is required for the evaluation of the applicants´ profile and the decision to hire. Without this data, an online application cannot be processed.
Additionally, during the application process, other data such as communication content, assessments (e.g. results of job interviews) and application dates are recorded and processed further outside the website, if this is required by law or if you have consented.
Please be aware that we rely on the information you provide us in order to make a fair decision. Therefore:
- Make sure all the submitted information is correct (“do not lie”)
- Make sure you are entitled to share the submitted information with us (“check before you upload”)
What purposes do we process your personal data for?
The personal data that you provide in this website, including any attachments that you upload into the system, will be processed for the purposes of evaluating your eligibility, expertise and profile with respect to the specific job vacancy concerned. In case your application is successful, we will also use your data for the preparation and execution of an employment contract with you.
Our application process does not use solely computer-aided decision making. This means that your application will always also be examined by a natural person.
In our website, you also have the opportunity to create an account where you can manage all your job applications and subscribe for “Job Alerts” in order to stay informed about new career opportunities at Grünenthal. This account is password protected. The applicant´s profile is only visible for Grünenthal employees involved in recruiting activities.
In our career website you can register yourself in our candidate pool. This allows recruiters to see your preferences and experience so that they can reach out to you in case a job opportunity at Grünenthal matches your profile. It’s also possible that recruiter register you to our candidate pool, after you have given your consent outside the system. No matter if you have registered yourself in the candidate pool or the recruiter has registered you, you can delete your candidate profile in the system at any time.
We also use data such as the country where you are applying from, the gender or the channel used for submitting the application, for general data analytics purposes. For example, we are interested in understanding what the preferred channels of our applicants are, or the countries where we obtain a larger number of applications from. However, this data will only be used in an anonymous manner, in such a way that you cannot be identified.
What is the legal basis for the processing of this personal data?
The legal basis for the processing of the personal data that you provide to us in the context of your application is article 6 (1) b) GDPR or article 88 (1) GDPR in connection with section 26 (1) 1 of the German Federal Data Protection Act (Bundesdatenschutzgesetz – “BDSG”) as the data you provide to us in the application process is used to by Grünenthal for hiring decisions.
In addition, if you have provided us with your permission to send you “Job Alerts” by e-mail (see below), the legal basis is article 6 (1) lit. a) GDPR (the data subject has given consent to the processing of his or her personal data for one or more specific purposes).
Who will be the recipients of your personal data?
If your application is related to a job offer which has been published by a Grünenthal entity other than Grünenthal GmbH, your personal data will be shared with the relevant personnel of that entity. By relevant personnel we mean only those employees that will necessarily be involved in the recruiting process, such as the corresponding Talent Acquisition or Hiring Manager.
Your personal data will also be processed by our own service providers (e. g. data processors). These providers have a contractual obligation to process your personal data only based on strict instructions from us. We ensure that all our service providers process personal data securely, both contractually and factually.
Will the personal data be transferred to third countries?
While your data will be stored in servers which are located in the European Union, please be aware that, if your application concerns a Grünenthal entity which is not located in the European Union (“EU”) or the Economic European Area (“EEA”), your personal data will be disclosed to personnel which are located in a country where there is a lower level of data protection. In addition, some of our service providers employ staff who have access to your personal data (e. g. support staff), and are located in third countries.
In such cases, Grünenthal will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with these parties. Grünenthal will apply the EU-Standard-Contractual Clauses to such transfers wherever feasible.
How long do we keep your personal data for?
As a general rule, all information related to a single application for a job vacancy will be stored as long as the vacancy is open plus 6 months; after this period all the data you entered will be deleted automatically.
If your application succeeds, the submitted data will be stored in SAP SuccessFactors.
If you do not delete your profile, your personal data will remain stored for up to 48 months, starting from the last log-in date and provided that your application status is non-active. This means that you can re-use the data that you have provided in your profile should you apply for other vacancies or being a member of the candidate pool. After this period, your applicant profile will be retained in an anonymised manner only for general data analytics purposes, as previously described.
Setting of cookies
What are cookies?
Our website uses so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser. They store certain information (for example your preferred language or site settings). Your browser may retransmit these to us when you revisit our website, depending on the lifespan of the cookie.
What cookies do we use?
We only use functional cookies which are necessary for the functionality of our website. The session is managed with these cookies. All cookies will expire when the user’s browser is closed. The user must allow the usage of these cookies with their browser.
The following overview contains a detailed description of the functional cookies we use:
Cookie: rmk0
Purpose and content: The user's encrypted e-mail address, if known.
Lifespan: Expires when the browser session ends.
Cookie: JSESSIONID
Purpose and content: Single cookie placed on the users device during the session so the server can identify the user
Lifespan: Expires when the browser session ends.
Cookie: LoadBalancer Cookie
Purpose and content: Cookie for session stickiness so a user doesn't bounce from one instance to another - issued by F5 typically
Lifespan: Expires when the browser session ends.
Cookie: Route
Purpose and content: A standard cookie used for session stickiness between the organization's public career site generated by Career Site Builder, and pages generated by SAP SuccessFactors Recruiting, such as Candidate Profile.
Lifespan: Expires when the browser session ends.
Cookie: CareerSiteCompanyId
Purpose and content: Used by Akamai to send the request to the correct data center.
The cookie is required. If disabled, users can no longer access the site.
Lifespan: Expires when the browser session ends.
"Job Alert" notification
You have the option to subscribe for receiving notifications of vacancies from the Grünenthal Group. For this purpose, you have to create an account in our career site. In the account settings the option “Notification” can be used to receive notifications about new job postings via email.
If you no longer wish to receive notifications, you can deactivate the option “Notification” in your account settings.
Matomo
We use the open source software tool Matomo (formerly PIWIK) from InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand on our website to analyze the surfing behavior of our users. Matomo is an open source tool for web analysis.
Matomo Tag Manager is a tag management system for managing JavaScript and HTML tags used to implement tracking, analytics and marketing tools.
Matomo uses cookies. These text files are stored on your computer and make it possible for us to analyze the use of the website. For this purpose, the usage information obtained by the cookie is transmitted to us and stored so that the usage behavior can be evaluated. Your IP address is immediately anonymized; thus you remain anonymous as a user. The information generated by the cookie about your use of this website will not be disclosed to third parties.
We understand this analysis as part of our Internet services. We would like to use it to further improve the website and adapt it even more to the needs of the users.
These processing operations are only carried out if explicit consent is given in accordance with Art. 6 (1) a) GDPR.
If individual pages of our website are called up, the following data is stored:
1) Bytes of the IP address of the calling system of the user are anonymized.
2) The website from which the user accessed the called website (referrer).
3) The subpages accessed from the accessed website
4) The time spent on the website
5) The frequency of accessing the web page
In this regard, the software runs exclusively on the servers within our control and within the Matomo Cloud. We have concluded a data processing agreement with InnoCraft Ltd. about data processing on our behalf. Storage of the users' personal data only takes place there. The data is not passed on to third parties.
We store this data for a period of at least two years, unless you revoke your consent beforehand.
You can view the data protection provisions of Matomo at: https://matomo.org/privacy/
Matomo Tag Manager
On our website we use Matomo Tag Manager. Matomo Tag Manager is an extension of the open source Matomo web analytics solution. The Tag Manager is used to integrate tracking events (marketing cookies) and control the integration of third-party code. The legal basis for the data processing is Art. 6 (1) f) GDPR. The legitimate interest is the error-free functioning of the website. The deletion of the data takes place as soon as the purpose of the collection has been fulfilled.
How do we secure your personal data?
We implement all the technical, organisational and security measures required to protect the confidentiality and security of the personal data collected in this website, including sensitive personal data. Your personal data will be protected against unauthorised access through encrypted transmission and storage, a role and authorisation concept, a data backup concept and physical security measures for the servers.
These measures include the following:
- An username and password are required in order to access our systems and databases.
- Authentication and authorisation are based on roles.
- Service providers sign confidentiality and data protection clauses.
- Editing rights to the back office tools in which your personal data is processed are restricted to a limited number of duly authorised persons with a specific IT profile.
For our job application site we use SAP SuccessFactors Recruiting Management, a web-based application using “software as a service”. Communication occurs over the public internet. The application is accessed through a browser. SSL technology protects information by using both server authentication and data encryption to help ensure that data is safe, secure and available only to the user concerned.
External users must log on using their own email address. When logging on for the first time, you will be asked to create an account and choose a password.
SAP SuccessFactors requires a unique username and password that must be entered each time you log on. Passwords must be strong and conform to specific requirements. They must be changed at regular intervals. The password and login policy setting for staff and externals can be set and modified by us.
External services or content on our Website
We include third-party services and/or content on our website. When you use such third-party services or when third-party content is displayed, communication data are exchanged between you and the respective provider for technical reasons. The respective provider of the services or content may also process your data for its own additional purposes. To the best of our knowledge, we have configured the services and content of providers known to process data for own purposes in such a way that either any communication for other purposes than to present their services or content on our website is blocked, or communication only takes place once you have actively opted to use the respective service. However, since we have no control over data collected and processed by third parties, we are not in a position to provide binding information regarding the scope and purpose of such processing of your data.
For further information regarding the scope and purpose of such collection and processing of your data, please consult the privacy statements of the providers whose services and/or content we include and who are responsible for the protection of your data in this context:
For the purpose of an interactive design of our website third-party content from Vimeo is integrated into this website. This serves to safeguard our predominant legitimate interests in a multimedia presentation of our services and our activities in accordance with Art. 6 (1) Clause 1 lit. f GDPR.
Vimeo (videos)
This website uses plug-ins from the American company Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA.
As a consequence, log information may be transmitted from our website to Vimeo. Vimeo’s server in the United States thus automatically stores information (“log data”), such as the information that your browser sends to a website when you visit, or the information that your mobile app sends when you use it. This log data may contain your IP address, the address of the website you visited that uses Vimeo features, the browser type and settings, the date and time of your request, information about your use of Vimeo, and cookies.
You can find out more information about data collection, how you data is evaluated and processed by Vimeo, and your rights relating to this in Vimeo’s Privacy Policy: http://vimeo.com/privacy.
Eye-Able
Eye-Able® is a software of Web Inclusion GmbH to ensure barrier-reduced access to information on the Internet for all people.
The necessary files such as JavaScript, stylesheets and images are loaded from an external server. Eye-Able uses the local storage of the browser to save the settings when functions are activated. All settings are only stored locally and are not transferred further. In order to fend off attacks and provide our service in near real time, Eye-Able® uses the Content Delivery Network (CDN) of BunnyWay d.o.o. (Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia). This is used for the purpose of fulfilling contracts with our customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). All transmitting data and servers remain in the EU at all times to enable data protection-compliant processing in accordance with DSGVO. Web Inclusion GmbH does not collect or analyze personal user behavior or other personal data at any time. In order to ensure data protection-compliant processing, Web Inclusion GmbH has concluded commissioned processing contracts with our hosters IONOS and BunnyWay. For more information, please see the privacy statements: https://eye-able.com/en/privacy-policy/ https://bunny.net/privacy
What are your data privacy rights?
Please note, that if you wish to change your information, you can log into your candidate profile at any time and modify the information you have provided. You can also delete your profile under "My Profile" by clicking on “Options” > “Settings” > “Delete Profile”. Your profile data will then be erased from the database entirely.
Without prejudice to the possibility to change your information as described above, you have the following rights according to applicable data privacy laws:
- right of information about your personal data stored by us;
- right to request the correction, deletion (provided that we are not legally obliged to keep the data) or restricted processing of your personal data;
- right to object to a processing for reasons of our own legitimate interest, public interest or profiling, unless we are able to proof that compelling, warranted reasons overruling your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
- right to data portability;
- right to file a complaint with a data protection authority;
- Right to revoke your consent to the sending of “Job Alerts” at any time with future effect.
You can exercise your data privacy rights by sending an e-mail to dataprivacy.de@grunenthal.com. You can also contact the data protection officer of the Grünenthal entity that has published the job offer. The contact details are usually available in the privacy statement of the corporate website of each Grünenthal entity.
Requests and complaints
If you have any questions regarding our data privacy or if you do not agree with the way in which Grünenthal or persons at Grünenthal process your data you can get in touch with Grünenthal’s Global Data Protection officer by using the following email address: datenschutz.grunenthal@two-towers.eu
Data Protection Supervisory Authority
You may address questions and complaints also to the Data Protection Supervisory Authority in charge:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Telefon: 0211/38424-0
Fax: 0211/38424-10
E-Mail: poststelle@ldi.nrw.de
Amendment of Privacy Statement
We may update our Data Privacy Statement from time to time and we will publish these updates on our website. They become effective upon publication. So we recommend you regularly visit the site to keep yourself informed on possible amendments.
This Data Privacy Statement was last updated on 07 March 2024.